So, Anonymous, under the guise of its AntiSec campaign, has hacked an Apple server, got access to 27 administrator usernames and passwords, and put them on Pastebin. Is it time to panic? Is it time to point and laugh at Apple? Is it time to stop using iTunes? Not really - this is a small hack that will cause little to no damage.

Now, PHP is a terrible choice for doing this sort of benchmark due to high string overhead. But the prototype was quick and I believe my point stands.

The unsalted and simple salt algorithms have nearly the same forward hashing performance. The HMAC algorithm (which calls the sha hash twice under the hood) is slower by roughly a factor of two.

This shows that forward hashing is not significantly affected by adding salt. If you buy all this, then the answer to my second assertion is true.

"True but you would need one rainbow table for each possible salt. The longer the salt, the more tables needed. This is why salting defeats rainbow tables in practice."

I wasn't really talking about "rainbow tables" specifically, I was talking about indexes like the one in the link I provided.

A rainbow table discards information in a time/space tradeoff and is therefore a subset of a more complete index. Whether or not they are affected by salt probably depends on the salting algorithm and the way in which the rainbow tables are generated. But this does not affect a dictionary permutation attack.
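An added illustration of the hashing schemes discussed above, not code from the original page or its commenters. It is written in Python rather than the PHP prototype mentioned, assumes SHA-1 as the "sha hash", and uses a constructed word list and salt. It counts the hash invocations behind each scheme and checks a precomputed index of unsalted digests against a salted digest.

```python
import hashlib
import hmac

CALLS = {"sha1": 0}  # running count of underlying SHA-1 invocations

def sha1(data: bytes) -> bytes:
    CALLS["sha1"] += 1
    return hashlib.sha1(data).digest()

def unsalted(pw: str) -> bytes:
    return sha1(pw.encode())

def simple_salt(pw: str, salt: bytes) -> bytes:
    return sha1(salt + pw.encode())

def hmac_sha1(pw: str, key: bytes) -> bytes:
    # RFC 2104 construction written out so both hash calls are visible.
    block = 64
    if len(key) > block:
        key = hashlib.sha1(key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return sha1(opad + sha1(ipad + pw.encode()))

def cost(fn, *args) -> int:
    """Number of SHA-1 invocations needed for one forward hash."""
    before = CALLS["sha1"]
    fn(*args)
    return CALLS["sha1"] - before

# Constructed sample data, not taken from the page.
WORDLIST = ["password", "letmein", "apple123", "dragon"]
SALT = b"constructed-salt"

def build_index(words):
    """Precomputed digest -> word lookup, valid for unsalted hashes only."""
    return {hashlib.sha1(w.encode()).digest(): w for w in words}

def demo():
    index = build_index(WORDLIST)
    hit = index.get(unsalted("letmein"))            # digest is in the index
    miss = index.get(simple_salt("letmein", SALT))  # same word, salted
    return hit, miss

if __name__ == "__main__":
    print(demo())
    print(cost(unsalted, "x"), cost(simple_salt, "x", SALT),
          cost(hmac_sha1, "x", SALT))
    print(hmac_sha1("x", SALT) == hmac.new(SALT, b"x", hashlib.sha1).digest())
```
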